Ị nwere ike ịgụ gbasara helmfile n'onwe ya yana ọmụmaatụ nke ojiji ya
Anyị ga-amata ụzọ ndị na-edoghị anya isi kọwaa mwepụta na helmfile
Ka anyị kwuo na anyị nwere mkpọ chaatị helm (dịka ọmụmaatụ, ka anyị kwuo postgres na ụfọdụ ngwa azụ azụ) na ọtụtụ gburugburu (ọtụtụ kubernetes ụyọkọ, ọtụtụ aha aha, ma ọ bụ ọtụtụ n'ime ha abụọ). Anyị na-ewere helmfile ahụ, gụọ akwụkwọ ahụ wee malite ịkọwa gburugburu anyị na mwepụta anyị:
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
production:
releases:
- name: postgres
labels:
app: postgres
wait: true
chart: stable/postgresql
version: 8.4.0
values:
- envs/{{ .Environment.Name }}/values/postgres.yaml
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: 1.0.5
needs:
- postgres
values:
- envs/{{ .Environment.Name }}/values/backend.yaml
Anyị mechiri gburugburu 2: mmepe, mmepụta - nke ọ bụla nwere ụkpụrụ nke ya maka eserese ntọhapụ helm. Anyị ga-enye ha otu a:
helmfile -n <namespace> -e <env> apply
Ụdị dị iche iche nke chaatị hel na gburugburu dị iche iche
Gịnị ma ọ bụrụ na anyị kwesịrị iwepụta ụdị dị iche iche nke backend na gburugburu dị iche iche? Kedu ka esi ekpebi ụdị ntọhapụ? Ụkpụrụ gburugburu ebe obibi dị site na {{ .Values }}
helmfile.yaml
environments:
devel:
+ values:
+ - charts:
+ versions:
+ backend: 1.1.0
production:
+ values:
+ - charts:
+ versions:
+ backend: 1.0.5
...
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
- version: 1.0.5
+ version: {{ .Values.charts.versions.backend }}
...
Ngwa dị iche iche dị na gburugburu ebe dị iche iche
Ọ dị mma, mana gịnị ma ọ bụrụ na anyị achọghị production
tụgharịa postgres, n'ihi na anyị maara na anyị adịghị mkpa ịkwanye nchekwa data n'ime k8s na maka ọrịre anyị nwere ọmarịcha ụyọkọ postgres dị iche? Iji dozie nsogbu a anyị nwere akara
helmfile -n <namespace> -e devel apply
helmfile -n <namespace> -e production -l app=backend apply
Nke a dị oke mma, ma n'onwe m, m na-ahọrọ ịkọwa ngwa ndị a ga-etinye na gburugburu ebe obibi na-adịghị eji arụmụka mmalite, ma na nkọwa nke gburugburu n'onwe ha. Ihe a ga-eme? Ị nwere ike idowe nkọwa ntọhapụ na nchekwa dị iche, mepụta ndepụta nke ntọhapụ dị mkpa na nkọwa gburugburu ebe obibi wee "bulie" naanị ntọhapụ ndị dị mkpa, na-eleghara ihe ndị ọzọ anya.
.
├── envs
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
+ ├── releases
+ │ ├── backend.yaml
+ │ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- releases:
- - name: postgres
- labels:
- app: postgres
- wait: true
- chart: stable/postgresql
- version: 8.4.0
- values:
- - envs/{{ .Environment.Name }}/values/postgres.yaml
- - name: backend
- labels:
- app: backend
- wait: true
- chart: private-helm-repo/backend
- version: {{ .Values.charts.versions.backend }}
- needs:
- - postgres
- values:
- - envs/{{ .Environment.Name }}/values/backend.yaml
+ ---
+ bases:
+ {{- range .Values.apps }}
+ - releases/{{ . }}.yaml
+ {{- end }}
releases/postgres.yaml
releases:
- name: postgres
labels:
app: postgres
wait: true
chart: stable/postgresql
version: 8.4.0
values:
- envs/{{ .Environment.Name }}/values/postgres.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
- envs/{{ .Environment.Name }}/values/backend.yaml
Ihe edeturu
Mgbe ị na-eji bases:
ọ dị mkpa iji yaml separator ---
, nke mere na ị nwere ike depụta ntọhapụ (na akụkụ ndị ọzọ, dị ka helmDefaults) na ụkpụrụ sitere na gburugburu.
N'okwu a, ntọhapụ postgres agaghịdị etinye na nkọwa maka mmepụta. Dị nnọọ mma!
Ụkpụrụ zuru ụwa ọnụ nwere oke maka mwepụta
N'ezie, ọ dị mma na ị nwere ike ịtọ ụkpụrụ maka chaatị helm maka gburugburu ebe obibi ọ bụla, ma gịnị ma ọ bụrụ na anyị nwere ọtụtụ gburugburu ebe a kọwara, na anyị chọrọ, dịka ọmụmaatụ, ịtọ otu maka mmadụ niile. affinity
, ma anyị achọghị ịhazi ya na ndabara na chaatị ndị ahụ n'onwe ha, nke echekwara na turnips.
N'okwu a, maka ntọhapụ ọ bụla anyị nwere ike ịkọwa faịlụ 2 nwere ụkpụrụ: nke mbụ nwere ụkpụrụ ndabara, nke ga-ekpebi ụkpụrụ nke eserese ahụ n'onwe ya, na nke abụọ nwere ụkpụrụ maka gburugburu ebe obibi, nke n'aka nke ya ga-ewepụ ndị ndabara.
.
├── envs
+ │ ├── default
+ │ │ └── values
+ │ │ ├── backend.yaml
+ │ │ └── postgres.yaml
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
releases/backend.yaml
releases:
- name: backend
labels:
app: backend
wait: true
chart: private-helm-repo/backend
version: {{ .Values.charts.versions.backend }}
needs:
- postgres
values:
+ - envs/default/values/backend.yaml
- envs/{{ .Environment.Name }}/values/backend.yaml
envs/default/values/backend.yaml
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- backend
topologyKey: "kubernetes.io/hostname"
Na-akọwa ụkpụrụ zuru ụwa ọnụ maka eserese helm nke ewepụtara niile na ọkwa gburugburu
Ka anyị kwuo na anyị na-emepụta ọtụtụ ntinye n'ime ọtụtụ mwepụta - anyị nwere ike iji aka kọwaa maka chaatị ọ bụla hosts:
, ma n'ọnọdụ anyị ngalaba ahụ bụ otu, yabụ gịnị kpatara na ị gaghị etinye ya na mgbanwe ụfọdụ zuru ụwa ọnụ ma dochie uru ya na chaatị ndị ahụ? Iji mee nke a, faịlụ ndị nwere ụkpụrụ anyị chọrọ ịkọwapụta ga-enwerịrị ndọtị ahụ .gotmpl
, nke mere na helmfile mara na ọ dị mkpa ka a na-agba ọsọ site na igwe template.
.
├── envs
│ ├── default
│ │ └── values
- │ │ ├── backend.yaml
- │ │ ├── postgres.yaml
+ │ │ ├── backend.yaml.gotmpl
+ │ │ └── postgres.yaml.gotmpl
│ ├── devel
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ └── production
│ └── values
│ ├── backend.yaml
│ └── postgres.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
+ - global:
+ ingressDomain: k8s.devel.domain
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
+ - global:
+ ingressDomain: production.domain
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/default/values/backend.yaml.gotmpl
ingress:
enabled: true
paths:
- /api
hosts:
- {{ .Values.global.ingressDomain }}
envs/default/values/postgres.yaml.gotmpl
ingress:
enabled: true
paths:
- /
hosts:
- postgres.{{ .Values.global.ingressDomain }}
Ihe edeturu
N'ụzọ doro anya, ịbanye na chaatị postgres bụ ihe na-enweghị atụ, yabụ e nyere akụkọ a naanị dị ka ihe atụ okirikiri na oghere na ka ọ ghara iwebata ntọhapụ ọhụrụ n'ime akụkọ ahụ naanị maka ịkọwa nbanye.
Dochie ihe nzuzo sitere na ụkpụrụ gburugburu ebe obibi
Site na ntụnyere na ihe atụ dị n'elu, ị nwere ike iji dochie ndị ezoro ezo
.
├── envs
│ ├── default
│ │ └── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
│ ├── devel
│ │ ├── values
│ │ │ ├── backend.yaml
│ │ │ └── postgres.yaml
+ │ │ └── secrets.yaml
│ └── production
│ ├── values
│ │ ├── backend.yaml
│ │ └── postgres.yaml
+ │ └── secrets.yaml
├── releases
│ ├── backend.yaml
│ └── postgres.yaml
└── helmfile.yaml
helmfile.yaml
environments:
devel:
values:
- charts:
versions:
backend: 1.1.0
- apps:
- postgres
- backend
- global:
ingressDomain: k8s.devel.domain
+ secrets:
+ - envs/devel/secrets.yaml
production:
values:
- charts:
versions:
backend: 1.0.5
- apps:
- backend
- global:
ingressDomain: production.domain
+ secrets:
+ - envs/production/secrets.yaml
---
bases:
{{- range .Values.apps }}
- releases/{{ . }}.yaml
{{- end }}
envs/devel/secrets.yaml
secrets:
elastic:
password: ENC[AES256_GCM,data:hjCB,iv:Z1P6/6xBJgJoKLJ0UUVfqZ80o4L84jvZfM+uH9gBelc=,tag:dGqQlCZnLdRAGoJSj63rBQ==,type:int]
...
envs/production/secrets.yaml
secrets:
elastic:
password: ENC[AES256_GCM,data:ZB/VpTFk8f0=,iv:EA//oT1Cb5wNFigTDOz3nA80qD9UwTjK5cpUwLnEXjs=,tag:hMdIUaqLRA8zuFBd82bz6A==,type:str]
...
envs/default/values/backend.yaml.gotmpl
elasticsearch:
host: elasticsearch
port: 9200
password: {{ .Values | getOrNil "secrets.elastic.password" | default "password" }}
envs/devel/values/backend.yaml
elasticsearch:
host: elastic-0.devel.domain
envs/production/values/backend.yaml
elasticsearch:
host: elastic-0.production.domain
Ihe edeturu
Site n'ụzọ, getOrNil
- ọrụ pụrụ iche maka ndebiri aga na helmfile, nke, ọbụlagodi .Values.secrets
agaghị adị, agaghị atụfu njehie, mana ọ ga-ekwe ka nsonaazụ ya jiri ọrụ ahụ default
dochie uru ndabara
nkwubi
Ihe ndị a kọwara dị ka ihe doro anya, mana ozi na nkọwa dị mma nke ntinye n'ọtụtụ gburugburu na-eji helmfile dị ụkọ, na ahụrụ m IaC n'anya (Infrastructure-as-Code) ma chọọ inwe nkọwa doro anya nke ọnọdụ mbupu.
N'ikpeazụ, ọ ga-amasị m ịgbakwunye na mgbanwe maka ọnọdụ ndabara nwere ike, n'aka nke ya, na-ejikọta ya na mgbanwe gburugburu ebe obibi nke OS nke otu onye na-agba ọsọ nke a ga-esi na ya malite ọrụ ahụ, ma si otú ahụ nweta gburugburu ebe dị ike.
helmfile.yaml
environments:
default:
values:
- global:
clusterDomain: {{ env "CLUSTER_DOMAIN" | default "cluster.local" }}
ingressDomain: {{ env "INGRESS_DOMAIN" }}
isi: www.habr.com